But while, for the most part, the spread of WannaCry has been stopped, cybercriminals and hackers are still using the leaked EternalBlue exploit to carry out a much more discreet form of cyberattack, say researchers at FireEye.

This time, the SMB vulnerabilities are being used to distribute Backdoor.Nitol – a Trojan horse which opens a backdoor on the infected computer – and Gh0st RAT, a form of malware capable of taking full control of a machine in addition to conducting espionage and stealing data.

The latter is particularly dangerous and has repeatedly been a thorn in the side of the aerospace and defence industries, as well as government agencies and even activists. Now those behind this new Gh0st RAT campaign are using EternalBlue exploits in an effort to compromise targets in Singapore, while Nitol is attacking the wider South Asia region.

Researchers note that hackers are using the EternalBlue exploit against machines vulnerable to the SMB flaw in order to gain shell access to them.

The initial exploit used at the SMB level is similar to what’s been seen in WannaCry attacks, but this time, instead of being used to deploy ransomware, the attack opens a shell and writes instructions into a VBScript file. That file is then executed to retrieve the payload from another server, which creates the required backdoor into the machine using Nitol or Gh0st RAT.
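For defenders, the chain described above (a shell writing a VBScript file that is then executed) leaves a recognisable pattern in process-creation logs. The following detection sketch is an added example, not code from FireEye or from the original article; it assumes the shell is `cmd.exe`, that the writes appear as output redirection, and that the script runs under `cscript.exe` or `wscript.exe`, and all events are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed process-creation events: (host, time, image, command line).
# Hosts, paths and script contents are placeholders, not data from the report.
EVENTS = [
    ("ws-01", "2024-01-01T10:00:01", "cmd.exe", r"cmd.exe /c echo PLACEHOLDER_1 > C:\Users\Public\x.vbs"),
    ("ws-01", "2024-01-01T10:00:02", "cmd.exe", r"cmd.exe /c echo PLACEHOLDER_2 >> C:\Users\Public\x.vbs"),
    ("ws-01", "2024-01-01T10:00:05", "cscript.exe", r"cscript.exe //nologo C:\Users\Public\x.vbs"),
    # Script run with no preceding shell write: not flagged.
    ("ws-02", "2024-01-01T11:00:00", "cscript.exe", r"cscript.exe C:\Admin\inventory.vbs"),
    # Shell redirect to a non-script file: not flagged.
    ("ws-03", "2024-01-01T09:00:00", "cmd.exe", r"cmd.exe /c echo done > C:\Temp\build.log"),
    # Same script written and run, but hours apart: outside the default window.
    ("ws-04", "2024-01-01T08:00:00", "cmd.exe", r"cmd.exe /c echo PLACEHOLDER > C:\Temp\job.vbs"),
    ("ws-04", "2024-01-01T10:30:00", "wscript.exe", r"wscript.exe C:\Temp\job.vbs"),
]

# Output redirection (> or >>) whose target is a .vbs file (paths without spaces).
WRITE_RE = re.compile(r'>>?\s*"?([^"\s>]+\.vbs)"?\s*$', re.I)
# First .vbs path passed to a script host.
RUN_RE = re.compile(r'"?([^"\s]+\.vbs)"?', re.I)
SCRIPT_HOSTS = {"cscript.exe", "wscript.exe"}

def find_dropped_script_runs(events, window=timedelta(minutes=5)):
    """Return (host, script, write_count, run_time) for each script-host run of a
    .vbs file that a shell wrote on the same host within `window` beforehand."""
    writes = {}  # (host, lowercased path) -> times of shell writes
    hits = []
    for host, ts, image, cmdline in sorted(events, key=lambda e: e[1]):
        when = datetime.fromisoformat(ts)
        image = image.lower()
        if image == "cmd.exe":
            m = WRITE_RE.search(cmdline)
            if m:
                writes.setdefault((host, m.group(1).lower()), []).append(when)
        elif image in SCRIPT_HOSTS:
            m = RUN_RE.search(cmdline)
            if not m:
                continue
            prior = writes.get((host, m.group(1).lower()), [])
            recent = [w for w in prior if when - w <= window]
            if recent:
                hits.append((host, m.group(1), len(recent), ts))
    return hits

if __name__ == "__main__":
    for hit in find_dropped_script_runs(EVENTS):
        print(hit)
```

Only the `ws-01` sequence is flagged with the default five-minute window; widening the window trades fewer misses for more noise from legitimate administrative scripts.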

While neither attack is new – both have plagued victims for years – the addition of EternalBlue adds potency to the attacks, although nothing so far has suggested that they could spread as widely and as quickly as WannaCry did.

And with the EternalBlue exploits now out in the open for any malicious actor to use, it’s likely that we’ll see them used again and again in new types of attacks.

“The addition of the EternalBlue exploit has made it easy for threat actors to exploit these vulnerabilities. In the coming weeks and months, we expect to see more attackers leveraging these vulnerabilities and to spread such infections with different payloads,” said researchers at FireEye Dynamic Threat Intelligence.

“It is critical that Microsoft Windows users patch their machines and update to the latest software versions as soon as possible,” they add.